[v2,2/9] KVM: PPC: Book3S HV: radix clear pte when unmapping

Message ID 20180509022022.21226-3-npiggin@gmail.com
State Accepted
Series
  • assorted radix fixes and improvements for page fault and invalidation

Commit Message

Nicholas Piggin May 9, 2018, 2:20 a.m.
The current partition table unmap code clears the _PAGE_PRESENT bit
out of the pte, which leaves pud_huge/pmd_huge true and does not
clear pud_present/pmd_present. This can confuse subsequent page
faults.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 arch/powerpc/kvm/book3s_64_mmu_radix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
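To make the inconsistent state the commit message describes concrete, here is an added C model of the update-and-test logic; it is not kernel code, and the bit positions, the `update_pte()` helper and the `SAMPLE_PTE` starting value are assumptions chosen for the example rather than the kernel's definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t pte_t;
/* Assumed bit layout for this model; the kernel's real values differ. */
#define PAGE_PRESENT (1ULL << 63) /* entry is valid for translation       */
#define PAGE_PTE     (1ULL << 62) /* entry is a leaf, i.e. a huge mapping  */
#define PAGE_DIRTY   (1ULL << 7)

/* Contract assumed from the hunk: clear the bits in clr, set the bits in
 * set, and return the value the entry held before the update. */
static pte_t update_pte(pte_t *ptep, pte_t clr, pte_t set)
{
    pte_t old = *ptep;
    *ptep = (old & ~clr) | set;
    return old;
}

static bool pte_present(pte_t p) { return (p & PAGE_PRESENT) != 0; }
/* pmd_huge()/pud_huge() in the commit message look at the leaf bit. */
static bool pmd_huge(pte_t p)    { return (p & PAGE_PTE) != 0; }

/* Constructed starting state: a present, dirty huge leaf entry. */
#define SAMPLE_PTE (PAGE_PRESENT | PAGE_PTE | PAGE_DIRTY)

/* After unmapping with clr_mask, is the entry in a state a later page
 * fault can interpret? Huge-but-not-present is the confusing case. */
static bool unmap_is_consistent(pte_t clr_mask)
{
    pte_t pte = SAMPLE_PTE;
    update_pte(&pte, clr_mask, 0);
    return !(pmd_huge(pte) && !pte_present(pte));
}

/* Dirty tracking reads the returned old value, so it must survive even
 * when every bit of the live entry is cleared. */
static bool unmap_reports_dirty(pte_t clr_mask)
{
    pte_t pte = SAMPLE_PTE;
    return (update_pte(&pte, clr_mask, 0) & PAGE_DIRTY) != 0;
}

int main(void)
{
    printf("clear PRESENT only: consistent=%d dirty=%d\n",
           unmap_is_consistent(PAGE_PRESENT), unmap_reports_dirty(PAGE_PRESENT));
    printf("clear every bit:    consistent=%d dirty=%d\n",
           unmap_is_consistent(~0ULL), unmap_reports_dirty(~0ULL));
    return 0;
}
```

The first line shows the pre-patch state (huge but not present), the second the post-patch state; dirty tracking works in both because it reads the returned old value.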

Comments

Paul Mackerras May 17, 2018, 12:13 a.m. | #1
On Wed, May 09, 2018 at 12:20:15PM +1000, Nicholas Piggin wrote:
> The current partition table unmap code clears the _PAGE_PRESENT bit
> out of the pte, which leaves pud_huge/pmd_huge true and does not
> clear pud_present/pmd_present. This can confuse subsequent page
> faults.
> 
> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
> ---
>  arch/powerpc/kvm/book3s_64_mmu_radix.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c
> index a6870288c0e0..361f42c8c73e 100644
> --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c
> +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c
> @@ -584,7 +584,7 @@ int kvm_unmap_radix(struct kvm *kvm, struct kvm_memory_slot *memslot,
>  
>  	ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift);
>  	if (ptep && pte_present(*ptep)) {
> -		old = kvmppc_radix_update_pte(kvm, ptep, _PAGE_PRESENT, 0,
> +		old = kvmppc_radix_update_pte(kvm, ptep, ~0UL, 0,
>  					      gpa, shift);
>  		kvmppc_radix_tlbie_page(kvm, gpa, shift);
>  		if ((old & _PAGE_DIRTY) && memslot->dirty_bitmap) {

Have you seen this bug triggered in real life, or do you think it
could plausibly be triggered, with the rest of the code as it is?
I'm trying to work out whether this needs to go in 4.17 and to the
stable trees or not.  Could this cause a guest lockup in the case of a
THP split, for instance?

Thanks,
Paul.

Patch

diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c
index a6870288c0e0..361f42c8c73e 100644
--- a/arch/powerpc/kvm/book3s_64_mmu_radix.c
+++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c
@@ -584,7 +584,7 @@  int kvm_unmap_radix(struct kvm *kvm, struct kvm_memory_slot *memslot,
 
 	ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift);
 	if (ptep && pte_present(*ptep)) {
-		old = kvmppc_radix_update_pte(kvm, ptep, _PAGE_PRESENT, 0,
+		old = kvmppc_radix_update_pte(kvm, ptep, ~0UL, 0,
 					      gpa, shift);
 		kvmppc_radix_tlbie_page(kvm, gpa, shift);
 		if ((old & _PAGE_DIRTY) && memslot->dirty_bitmap) {
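Review bot: the mask change from `_PAGE_PRESENT` to `~0UL` relies on `kvmppc_radix_update_pte()` returning the pre-update pte, because the trailing context still tests `old & _PAGE_DIRTY` to update `memslot->dirty_bitmap`; the commit message should state that contract so a reader does not assume dirty tracking is lost once every bit of the live entry is cleared. It would also help to name the bit that `pmd_huge`/`pud_huge` test, since that is what the wider mask actually clears and why clearing only the present bit was insufficient, and to note that the hunk covers only `kvm_unmap_radix()` while the message speaks of "the partition table unmap code" in general, so any other path that clears just `_PAGE_PRESENT` should be checked for the same problem.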